- name: check/create instance for jenkins-master
  hosts: jenkins-cloud  # 209.132.184.153
  user: root
  gather_facts: False
  tags:
   - jenkins_master

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"

  tasks:
  - include: "{{ tasks }}/persistent_cloud.yml"
  - include: "{{ tasks }}/growroot_cloud.yml"

- name: provision master
  hosts: 209.132.184.153
  user: root
  gather_facts: True
  tags:
   - jenkins_master

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  vars:
   - resolvconf: resolv.conf/jenkins-cloud

  roles:
   - base

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"

  - name: make the jenkins path
    action: file state=directory path=/var/lib/jenkins

  - name: mount our persistent space
    action: mount name=/var/lib/jenkins src='LABEL=jenkins' fstype=ext4 state=mounted

  - name: poke firewall holes
    action: command lokkit {{ item }}
    with_items:
    - --service=ssh
    - --service=https
    - --service=http

  - name: install pkgs for jenkins
    action: yum state=installed pkg={{ item }}
    with_items:
    - vim
    - dejavu-s\*
    - fontconfig
    - java-1.6.0-openjdk
    - httpd
    - openssh-clients
    - git
    tags:
    - packages

  - name: add jenkins proxy config file for apache
    action: copy src="{{ files }}/jenkins/master/jenkins-apache.conf" dest=/etc/httpd/conf.d/jenkins-apache.conf owner=root group=root mode=0644
    notify:
    - restart httpd
    tags:
    - config

  - name: enable apache
    action: service name=httpd state=running enabled=true

  - name: add jenkins upstream repo
    action: copy src="{{ files }}/jenkins/master/jenkins.repo" dest=/etc/yum.repos.d/jenkins.repo  owner=root group=root
    tags:
     - config

  - name: import jenkins upstream gpg key
    action: copy src="{{ files }}/jenkins/master/jenkins-ci.org.key" dest=/etc/pki/rpm-gpg/RPM-GPG-KEY-jenkins-ci.org owner=root group=root
    tags:
     - config

  - name: install pkgs for jenkins
    action: yum state=installed pkg={{ item }}
    with_items:
    - jenkins
    tags:
    - packages

  - name: set the hostname to jenkins-osversion
    action: command hostname jenkins-master-{{ dist_tag }}
    tags:
    - config

  - name: make sure jenkins is stopped
    action: service name=jenkins state=stopped

  - name: clean any previous plugin deployments
    action: file state=absent path=/var/lib/jenkins/plugins

  - name: mkdir dir for jenkins data
    action: file state=directory path=/var/lib/jenkins/plugins/ owner=jenkins group=jenkins

  - name: Download jenkins plugins
    get_url: url=https://updates.jenkins-ci.org/download/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}.hpi
             dest=/var/lib/jenkins/plugins/{{ item.name }}.hpi
             sha256sum={{ item.sha }}
    with_items:
        - name: bazaar
          version: 1.22
          sha: d7ff0987c96e2a694257ecf897ceee376908c5f94abfd1d5efc32482e4d54141
        - name: chucknorris
          version: 0.5
          sha: bd9df0507008255ad2ed046368d10a4d039a6cbcfefb53c71c1768cc0dcbf65b
        - name: cobertura
          version: 1.9.3
          sha: 3db93d70486b80a904a74ce40b0ac6a7812d1f522f820d0e5d7b538401bc2946
        - name: cvs
          version: 2.11
          sha: 7c917bc824019a81d54472c525e4d724dfb4ae10b59bf64e692a2fc59fcd33cc
        - name: external-monitor-job
          version: 1.2
          sha: 8dd2644271d0138839490342833e9ff7f82772038f673f5ac6220193c587747d
        - name: git
          version: 2.0.1
          sha: 68c7fa6f9e3e1e3991bbba67ca86c2590e425f80a7176171ad7c645d57abe839
        - name: git-client
          version: 1.6.1
          sha: 6b5762e7f423e0c40b068f671a276e83e4093c019164f61959b83d98bc24dedd
        - name: instant-messaging
          version: 1.28
          sha: 0b84561fd72cb80d89c5c57548fe8b7270d448f66361dedd07e227fb1bd44f03
        - name: ldap
          version: 1.8
          sha: 491905ec3675b6a5acf2098722c121732801fd6210e6ff54bc99d213b5b8ee58
        - name: maven-plugin
          version: 2.1
          sha: 1f80592242251bd1c3ca7ba0290905567bba2883fdf828f66a6759d64d1a64bf
        - name: mercurial
          version: 1.49
          sha: c7af29d9af2071aa60fd82efc90d97f52c38b8911160796c1d9c0a89768f36e4
        - name: openid
          version: 1.8
          sha: fed09c7da7762323cf55c3b725493622a4a2460eab8622230497e35914ac9d7e
        - name: python
          version: 1.2
          sha: e3358a945f21b84a8156237b0d621815a7822322e1180ae1e66d10798aaf1f56
        - name: scm-api
          version: 0.2
          sha: cc856d8dc8b951cf9a195baa2bf7bbff0d12368534a6b973e43e2909141eff3f
        - name: ssh-agent
          version: 1.4.1
          sha: ae8227bf219e96a4d76f36dc6d6e652ddd0209e8d9c4cf4483a07858d707ce6e
        - name: subversion
          version: 1.54
          sha: 90c109cbecdf00fbe1a377770d735cf12dcae6f750c00b19b59eaee223a54aa2
        - name: translation
          version: 1.11
          sha: 4d88b8d74ade119cef76827bd385693447fa68fa18fd1bfc8806aff9d931f00e
        - name: violations
          version: 0.7.11
          sha: f8eacb53eb01f83f3702009a41cef89e520a72933671ac1ee9154d88bde2d67a
        - name: xunit
          version: 1.81
          sha: 8749ef1b3861ea6a5166c7a6f443e20dca346f98aa58ab2bb3f3376b6392244e
        - name: multiple-scms
          version: 0.3
          sha: e79d7e855ffe0ad060d11ae1ce0b39f68e7fa031c6e831f60fe33e5ddb3392ac
        - name: credentials
          version: 1.9.4
          sha: 2fedc41d977a166c1addd82cd0cc9b73cffd34b97f7c0756bad7dc198ccd98de
        - name: mailer
          version: 1.8
          sha: fb9c6d471c2fea97fc2ccb64bfac18f77c847e740bcc2d5a4de31c35e851728a
    notify:
      - restart jenkins
    tags:
     - config

  - name: Download additional jenkins plugins (from the maven repo)
    get_url: url=http://maven.jenkins-ci.org/content/repositories/releases/org/jvnet/hudson/plugins/{{ item.name }}/{{ item.version }}/{{ item.name }}-{{ item.version }}.hpi
             dest=/var/lib/jenkins/plugins/{{ item.name }}.hpi
             sha256sum={{ item.sha }}
    with_items:
        - name: warnings
          version: 4.39
          sha: 7652b7ed8971de932f46323aa8e0ddee2bcf4f14839296481ae79590e09f7606
    notify:
      - restart jenkins
    tags:
     - config

  - name: import jenkins configuration files
    action: copy src={{ item }} owner=jenkins group=jenkins dest=/var/lib/jenkins/ backup=yes
    with_fileglob:
     - "{{ files }}/jenkins/master/*.xml"
    tags:
     - config

  - name: add jenkins ssh priv key so it can connect to clients
    action: copy src="{{ private }}/files/jenkins/ssh/jenkins_master" dest=/var/tmp/jenkins_master_id_rsa mode=600 owner=jenkins group=jenkins
    tags:
    - config

  - name: add jenkins credentials it can connect to clients
    action: copy src="{{ private }}/files/jenkins/ssh/credentials.xml" dest=/var/lib/jenkins/
    tags:
    - config

  - name: start jenkins itself
    action: service name=jenkins state=running

  - name: wait for a dir to exist - this is just ugly
    shell: while `true`; do [ -d /var/lib/jenkins/plugins/openid/WEB-INF/lib/ ] && break; sleep 5; done
    async: 1800
    poll: 20

  - name: jenkins hotfix big file
    copy: src={{ item }} dest=/var/lib/jenkins/plugins/openid/WEB-INF/lib/ group=jenkins mode=655
    with_fileglob:
     - "{{ bigfiles }}/hotfixes/jenkins/openid/*.jar"
    notify:
      - restart jenkins

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

###################################################
# jenkins slaves

- name: check/create instance for jenkins-slaves
  hosts: jenkins-slaves
  user: root
  gather_facts: False
  tags:
   - jenkins_workers

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
  vars:
   - keypair: fedora-admin-20130801
   - security_group: default

  tasks:
  - include: "{{ tasks }}/persistent_cloud.yml"
  - include: "{{ tasks }}/growroot_cloud.yml"

- name: provision workers
  hosts: jenkins-slaves
  user: root
  gather_facts: True
  tags:
   - jenkins_workers

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "{{ private }}/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  tasks:
  - include: "{{ tasks }}/cloud_setup_basic.yml"

  - name: add jenkins repos
    action: copy src={{ item }} dest=/etc/yum.repos.d/ owner=root group=root
    with_fileglob:
     - "{{ files }}/jenkins/slaves/*.repo"
    tags:
    - config
    - packages

  - name: install pkgs for jenkins
    action: yum state=installed pkg={{ item }}
    with_items:
    - vim
    - java-1.7.0-openjdk
    - java-1.7.0-openjdk-devel
    - subversion
    - bzr
    - git
    - rpmlint
    - rpmdevtools
    - mercurial
    - mock
    - gcc
    - gcc-c++
    - libjpeg-turbo-devel
    - python-bugzilla
    - python-straight-plugin
    - python-pip
    - python-virtualenv
    - python-coverage
    - pylint
    - python-argparse
    - python-nose
    - python-BeautifulSoup
    - python-fedora
    - python-unittest2
    - python-pep8
    - python-psycopg2
    - postgresql-devel   # Required to install python-psycopg2 w/in a venv
    - docbook-style-xsl  # Required by gimp-help-2
    - make               # Required by gimp-help-2
    - automake           # Required by gimp-help-2
    - libcurl-devel      # Required by blockerbugs
    - python-formencode  # Required by javapackages-tools
    - asciidoc           # Required by javapackages-tools
    - xmlto              # Required by javapackages-tools
    - pycairo-devel      # Required by dogtail
    - pyflakes           # Requested by user rholy (ticket #4175)
    tags:
    - packages

  - name: install pkgs for jenkins for fedora systems
    action: yum state=installed pkg={{ item }}
    #when: is_fedora == 'True'
    with_items:
    - python3
    - python-nose-cover3
    - python3-nose-cover3
    - sbt
    - glibc.i686
    - glibc-devel.i686
    - libstdc++.i686
    - zlib-devel.i686
    - ncurses-devel.i686
    - libX11-devel.i686
    - libXrender.i686
    - libXrandr.i686
    - nspr-devel           ## Requested by 389-ds-base
    - nss-devel
    - svrcore-devel
    - openldap-devel
    - libdb-devel
    - cyrus-sasl-devel
    - icu
    - libicu-devel
    - gcc-c++
    - net-snmp-devel
    - lm_sensors-devel
    - bzip2-devel
    - zlib-devel
    - openssl-devel
    - tcp_wrappers
    - pam-devel
    - systemd-units
    - policycoreutils-python
    - openldap-clients
    - perl-Mozilla-LDAP
    - nss-tools
    - cyrus-sasl-gssapi
    - cyrus-sasl-md5
    - libdb-utils
    - systemd-units
    - perl-Socket
    - perl-NetAddr-IP
    - pcre-devel            ## End of request list for 389-ds-base
    - maven                 # Required by xmvn https://fedorahosted.org/fedora-infrastructure/ticket/4054
    - gtk3-devel            # Required by dogtail
    - glib2-devel           # Required by Cockpit
    - libgudev1-devel
    - json-glib-devel
    - gobject-introspection-devel
    - libudisks2-devel
    - NetworkManager-glib-devel
    - systemd-devel
    - accountsservice-devel
    - pam-devel
    - autoconf
    - libtool
    - intltool
    - jsl
    - python-scss
    - gtk-doc
    - krb5-devel
    - sshpass
    - perl-Locale-PO
    - perl-JSON
    - glib-networking
    - realmd
    - udisks2
    - mdadm
    - lvm2
    - sshpass           # End requires for Cockpit
    - tito              # Requested by msrb for javapackages-tools and xmvn (ticket#4113)
    - pyflakes          # Requested by user rholy (ticket #4175)
    tags:
    - packages

  - name: drop current android SDK
    when: is_fedora == 'True'
    action: file state=absent path=/var/android

  - name: mkdir dir for android SDK
    when: is_fedora == 'True'
    action: file state=directory path=/var/android owner=jenkins_slave group=jenkins_slave

  - name: copy android SDK
    when: is_fedora == 'True'
    action: copy src="{{ bigfiles }}/jenkins/android-sdk-with-platform-17.tar.gz" dest=/var/android/ owner=jenkins_slave group=jenkins_slave

  - name: extract android SDK
    when: is_fedora == 'True'
    command: tar -xvf /var/android/android-sdk-with-platform-17.tar.gz --owner=jenkins_slave --group=jenkins_slave -C /var/android/

  - name: delete sdk archive
    when: is_fedora == 'True'
    action: file state=absent path=/var/android/android-sdk-with-platform-17.tar.gz

  - name: set the hostname to jenkins-osversion
    action: command hostname jenkins-{{ dist_tag }}
    tags:
    - config

  - name: setup jenkins_slave user
    action: user name=jenkins_slave state=present createhome=yes system=no
    tags:
    - jenkinsuser

  - name: setup jenkins_slave ssh key
    action: authorized_key user=jenkins_slave key="{{ item }}"
    with_file:
    - "{{ private }}/files/jenkins/ssh/jenkins_master.pub"

  - name: jenkins_slave to mock group
    action: user name=jenkins_slave groups=mock

  - name: add .gitconfig for jenkins_slave user
    action: copy src="{{ files }}/jenkins/gitconfig" dest=/home/jenkins_slave/.gitconfig owner=jenkins_slave group=jenkins_slave mode=664
    tags:
     - config

  - name: template sshd_config
    action: copy src={{ item }} dest=/etc/ssh/sshd_config mode=0600 owner=root group=root
    first_available_file:
      - "{{ files }}/jenkins/sshd_config_slave.{{ ansible_distribution }}"
      - "{{ files }}/jenkins/sshd_config_slave"
    notify:
    - restart sshd
    tags:
     - config

  - name: mkdir dir for jenkins data
    action: file state=directory path=/mnt/jenkins owner=jenkins_slave group=jenkins_slave

  handlers:
  - include: "{{ handlers }}/restart_services.yml"

